Writing for Bloomberg Law, Kirk Nahra, Arianna Evers and Ali Jessani discuss the Federal Trade Commission (FTC)’s recent policy related to its health breach notification rule. This statement comes a few months after the agency reached a settlement with Flo Health, a mobile app that allegedly impermissibly disclosed sensitive health data about millions of users.
In the article, the three authors note, “This policy statement indicates that the FTC will likely be taking an aggressive approach toward enforcing the rule and will likely interpret its authority under the rule broadly going forward—in ways that likely are unexpected for many in the industry.”
In addition, “While the rule has normally been considered relevant in the context of data breaches, the FTC stated that a health app that discloses users’ sensitive health information without their authorization would also be subject to the rule.”
Nahra, Evers and Jessani mention companies can comply by understanding what data they collect that may be subject to the rule.
Read the full article in Bloomberg Law.